SUSE-SU-2019:0243-2

Опубликовано: 27 апр. 2019

Источник: suse-cvrf

Описание

Security update for python3

This update for python3 fixes the following issues:

Security issue fixed:

CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)
CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644)

Список пакетов

Image SLES12-SP4-Azure-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP4-EC2-HVM-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP4-GCE-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP4-OCI-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP4-SAP-Azure

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-Azure-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-EC2-HVM

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-GCE

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-GCE-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-OCI-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-Azure-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-Azure-Basic-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-Azure-HPC-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-Azure-HPC-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-Azure-SAP-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-Azure-SAP-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-Azure-Standard-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-EC2-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-EC2-ECS-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-EC2-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-EC2-SAP-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-EC2-SAP-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-GCE-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-GCE-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-GCE-SAP-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-GCE-SAP-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-OCI-BYOS-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20190243-2/
Link for SUSE-SU-2019:0243-2
https://lists.suse.com/pipermail/sle-security-updates/2019-April/005394.html
E-Mail link for SUSE-SU-2019:0243-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1120644
SUSE Bug 1120644
https://bugzilla.suse.com/1122191
SUSE Bug 1122191
https://www.suse.com/security/cve/CVE-2018-20406/
SUSE CVE CVE-2018-20406 page
https://www.suse.com/security/cve/CVE-2019-5010/
SUSE CVE CVE-2019-5010 page

Описание

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Затронутые продукты

Image SLES12-SP4-Azure-BYOS:libpython3_4m1_0-3.4.6-25.21.1

Image SLES12-SP4-Azure-BYOS:python3-3.4.6-25.21.1

Image SLES12-SP4-Azure-BYOS:python3-base-3.4.6-25.21.1

Image SLES12-SP4-EC2-HVM-BYOS:libpython3_4m1_0-3.4.6-25.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-20406.html
CVE-2018-20406
https://bugzilla.suse.com/1120644
SUSE Bug 1120644

Описание

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Затронутые продукты

Image SLES12-SP4-Azure-BYOS:libpython3_4m1_0-3.4.6-25.21.1

Image SLES12-SP4-Azure-BYOS:python3-3.4.6-25.21.1

Image SLES12-SP4-Azure-BYOS:python3-base-3.4.6-25.21.1

Image SLES12-SP4-EC2-HVM-BYOS:libpython3_4m1_0-3.4.6-25.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-5010.html
CVE-2019-5010
https://bugzilla.suse.com/1122191
SUSE Bug 1122191
https://bugzilla.suse.com/1126909
SUSE Bug 1126909

SUSE-SU-2019:0243-2

Описание

Список пакетов

Image SLES12-SP4-Azure-BYOS

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-GCE-BYOS

Image SLES12-SP4-OCI-BYOS

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-Azure-BYOS

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP4-SAP-OCI-BYOS

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-OCI-BYOS-BYOS

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server for SAP Applications 12 SP1

Ссылки

Уязвимость: CVE-2018-20406

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-5010

Описание

Затронутые продукты

Ссылки